dix: Only check device events for possible ACLs.

We shouldn't be able to restrict events like Expose, etc. with device based ACLs. So we just ignore all non-input events when checking for permissions.
2007-08-23 18:02:10 +09:30 · 2007-08-23 18:02:10 +09:30 · 88a9828ef9
commit 88a9828ef9
parent 2c1431a76e
3 changed files with 36 additions and 6 deletions
--- a/dix/access.c
+++ b/dix/access.c
@ -36,6 +36,7 @@ from the author.

 #include <X11/Xlib.h>
 #include <X11/extensions/XI.h>
+#include "exglobals.h"

 #include "input.h"
 #include "inputstr.h"
@ -257,15 +258,41 @@ ACQueryWindowAccess(WindowPtr win,
 * If no rule could be found, allow.
 */
 Bool
-ACDeviceAllowed(WindowPtr win, DeviceIntPtr dev)
+ACDeviceAllowed(WindowPtr win, DeviceIntPtr dev, xEvent* xE)
 {
    int i;

    if (!win) /* happens for parent of RootWindow */
        return True;

+    /* there's a number of events we don't care about */
+    switch (xE->u.u.type)
+    {
+        case ButtonPress:
+        case ButtonRelease:
+        case MotionNotify:
+        case EnterNotify:
+        case LeaveNotify:
+        case KeyPress:
+        case KeyRelease:
+            break;
+        default:
+            if (xE->u.u.type == DeviceMotionNotify ||
+                    xE->u.u.type == DeviceButtonPress ||
+                    xE->u.u.type == DeviceButtonRelease ||
+                    xE->u.u.type == DeviceKeyPress ||
+                    xE->u.u.type == DeviceKeyRelease ||
+                    xE->u.u.type == DeviceEnterNotify ||
+                    xE->u.u.type == DeviceLeaveNotify)
+            {
+                break;
+            }
+            return True;
+    }
+
+
    if (!win->optional) /* no list, check parent */
-        return ACDeviceAllowed(win->parent, dev);
+        return ACDeviceAllowed(win->parent, dev, xE);

    for (i = 0; i < win->optional->access.nperm; i++)
    {
@ -282,6 +309,6 @@ ACDeviceAllowed(WindowPtr win, DeviceIntPtr dev)
            return False;
    }

-    return ACDeviceAllowed(win->parent, dev);
+    return ACDeviceAllowed(win->parent, dev, xE);
 }

--- a/dix/events.c
+++ b/dix/events.c
@ -1928,8 +1928,10 @@ DeliverEventsToWindow(DeviceIntPtr pDev, WindowPtr pWin, xEvent
    
    /* if a  is denied, we return 0. This could cause the caller to
     * traverse the parent. May be bad! (whot) */
-    if (!ACDeviceAllowed(pWin, pDev))
+    if (!ACDeviceAllowed(pWin, pDev, pEvents))
+    {
        return 0;
+    }

    /* CantBeFiltered means only window owner gets the event */
    if ((filter == CantBeFiltered) || 
@ -3348,7 +3350,7 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev,
    }
    if (!deliveries)
    {
-        if (ACDeviceAllowed(grab->window, thisDev))
+        if (ACDeviceAllowed(grab->window, thisDev, xE))
        {
            if (xE->u.u.type == GenericEvent)
            {
--- a/include/input.h
+++ b/include/input.h
@ -495,7 +495,8 @@ extern void ACQueryWindowAccess(WindowPtr win,
                                int* ndeny);

 extern Bool ACDeviceAllowed(WindowPtr win, 
-                            DeviceIntPtr dev);
+                            DeviceIntPtr dev,
+                            xEvent* xE);

 /* Implemented by the DDX. */
 extern int NewInputDeviceRequest(